Skip to main content

GuardiCore (Deprecated)

This Integration is part of the GuardiCore Pack.#

Deprecated

Use GuardiCore v2 instead.

Data center breach detection. This integration was integrated and tested with version v3.0 of GuardiCore API.

Configure GuardiCore in Cortex#

ParameterRequired
Server URL (e.g. https://192.168.0.1)True
UsernameTrue
Trust any certificate (not secure)False
Use system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

guardicore-get-incidents#


Display information about incidents (with filters).

Base Command#

guardicore-get-incidents

Input#

Argument NameDescriptionRequired
severityFilter by severity. Possible values are: High, Low, Medium.Optional
tagFilter by tag.Optional
from_timeFrom which date to fetch incidents, format is YYYY-MM-DD.Optional
to_timeUntil which date to fetch incidents, format is YYYY-MM-DD.Optional
incident_typeFilter by type of incidents, e.g. Deception, Lateral Movement.Optional
sourceFilter by source (hostname or IP address).Optional
destinationFilter by destination (hostname or IP address).Optional

guardicore-uncommon-domains#


Display the uncommon domains.

Base Command#

guardicore-uncommon-domains

Input#

Argument NameDescriptionRequired

guardicore-unresolved-domains#


Display the unresolved domains.

Base Command#

guardicore-unresolved-domains

Input#

Argument NameDescriptionRequired

guardicore-show-endpoint#


Display information about the endpoint given its ID.

Base Command#

guardicore-show-endpoint

Input#

Argument NameDescriptionRequired
host_idThe host ID.Required

guardicore-dns-requests#


Display the DNS requests.

Base Command#

guardicore-dns-requests

Input#

Argument NameDescriptionRequired

guardicore-search-endpoint#


Display information about the endpoint by its hostname or IP address.

Base Command#

guardicore-search-endpoint

Input#

Argument NameDescriptionRequired
ip_addressThe IP address of the endpoint.Optional
nameThe hostname of the endpoint.Optional

guardicore-misconfigurations#


Display the misconfigurations.

Base Command#

guardicore-misconfigurations

Input#

Argument NameDescriptionRequired

guardicore-get-incident#


Display information about the given incident.

Base Command#

guardicore-get-incident

Input#

Argument NameDescriptionRequired
idThe ID of the incident.Required

guardicore-get-incident-iocs#


Display the IOCs (Indicators of Compromise) of the given incident.

Base Command#

guardicore-get-incident-iocs

Input#

Argument NameDescriptionRequired
idThe ID of the incident.Required

guardicore-get-incident-events#


Display the events related to the given incidents.

Base Command#

guardicore-get-incident-events

Input#

Argument NameDescriptionRequired
idThe ID of the incident.Required

guardicore-get-incident-pcap#


Retrieve the PCAP file attached to the given incident.

Base Command#

guardicore-get-incident-pcap

Input#

Argument NameDescriptionRequired
idThe ID of the incident.Required

guardicore-get-incident-attachments#


Retrieve the files attached to the given incidents.

Base Command#

guardicore-get-incident-attachments

Input#

Argument NameDescriptionRequired
idThe ID of the incident.Required

guardicore-search-network-log#


Searches within the network log (with filters).

Base Command#

guardicore-search-network-log

Input#

Argument NameDescriptionRequired
sourceFilter by source (hostname or IP address).Optional
destinationFilter by destination (hostname or IP address).Optional
portFilter by port number.Optional
uuidFilter by Event ID.Optional